Ukraine is sounding the alarm on a potential Russian cyberattack that could rival 'NotPetya'

A message demanding Bitcoin is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank, after Ukrainian institutions were hit by cyber attacks, in Kiev, Ukraine June 27, 2017. Valentyn Ogirenko/Reuters

Ukrainian officials believe companies, including banks and energy infrastructure firms, could be targeted by malware in one massive strike.

Since January, Ukraine police have identified viruses in phishing emails sent from legitimate domains of state institutions whose systems were hacked.

A virus dubbed "NotPetya" hit Ukraine in June 2017, taking down government agencies and businesses before spreading to corporate networks around the globe, causing companies billions of dollars in losses.

Officials believe the scale of the current campaign is the same as NotPetya.

The hackers are targeting companies, including banks and energy infrastructure firms, in a roll out that suggests they are preparing to activate the malware in one massive strike, cyber police chief Serhiy Demedyuk said. Ukrainian police are working with foreign authorities to identify the hackers, Demedyuk added.

Law enforcement and corporate security teams around the world pay close attention to cyber threats in Ukraine, where some of the most destructive hacks in history have originated. A virus dubbed "NotPetya" hit Ukraine in June 2017, taking down government agencies and businesses before spreading to corporate networks around the globe, causing companies billions of dollars in losses.

"The fact that the Ukraine government has decided to go public with this shows that they are scared that this could have a big impact and want people to be aware," said Jaime Blasco, chief scientist with cybersecurity firm AlienVault.

It is difficult to contain the impact of a cyberattack within one nation, so it is possible this new threat could spread around the globe, he added.

Since the start of the year, Ukraine police have identified viruses in phishing emails sent from legitimate domains of state institutions whose systems were hacked and fake webpages mimicking that of a real state body.

Hackers have sought to evade detection by breaking malware into separate files, which are put onto targeted networks before they activate them, Demedyuk said.

"Analysis of the malicious software that has already been identified and the targeting of attacks on Ukraine suggest that this is all being done for a specific day," he said.

Relations between Ukraine and Russia plunged following Russia's annexation of Crimea in 2014, and Kiev has accused Russia of orchestrating large-scale cyberattacks as part of a "hybrid war" against Ukraine, which Moscow repeatedly denies.

Some attacks have coincided with major Ukrainian holidays. Demedyuk said another strike could be launched on Thursday — Constitution Day — or on Independence Day in August.

The United States and Britain joined Ukraine in blaming Russia for the NotPetya campaign in 2017. It took a costly toll on quarterly results of major global corporations including Cadbury chocolate maker Mondelez International and freight logistics company FedEx.

Representatives with the US Federal Bureau of Investigation could not be reached for comment on Tuesday afternoon.

An employee shows an alleged malicious script used during a Bad Rabbit virus attack, at the Ukrainian Cyber Police headquarters in Kiev, Ukraine November 2, 2017. Valentyn Ogirenko/Reuters

The scale of the current campaign is the same as NotPetya, according to Demedyuk.

"This is support on a government level - very expensive and very synchronized. Without the help of government bodies, it would not be possible. We're talking now about the Russian Federation," he said.

Ukraine is better prepared to withstand such attacks thanks to cooperation with foreign allies including the United States, Britain and NATO, Demedyuk said.

Still, there are some Ukrainian companies that have not cleaned their computers after NotPetya struck, which means they are still infected by that virus and vulnerable to being used for another attack.

"We are sounding the alarm to remind people - come to your senses, check your equipment," he said.

Reporting by Pavel Polityuk; Additional reporting by Angela Moon in New York and Margarita Popova in Moscow; Writing by Matthias Williams; Editing by Philippa Fletcher, Jim Finkle and Lisa Shumaker